Back/Cookie Policy

Cookie Policy

Last updated: 2026-04-22

What is a cookie?

A cookie is a small file your browser stores for a website. NovaCanva uses cookies in three categories: strictly-necessary (always on), analytics (opt-in), and marketing (not used at the moment). You choose which categories to enable via the cookie banner shown on your first visit, and can change your mind anytime.

1. Strictly-necessary cookies (always on)

These are required for the Service to function. You cannot opt out of them. • sb-access-token / sb-refresh-token (Supabase) — keeps you signed in between visits. Expires in 7 days. First-party, set by Supabase. • nc-consent-v1 (local storage) — remembers your cookie choices. Expires when you clear storage. First-party. • nc-ratio / nc-theme (local storage) — remembers last canvas ratio and theme. Expires in 1 year. First-party.

2. Analytics cookies (opt-in)

Loaded only after you accept analytics in the cookie banner. These help us understand which features are used most, so we can improve the product. Provider: to be announced (shortlist: Plausible, Vercel Analytics, or PostHog). Data collected: page views, clicks on primary buttons, export format selected. No personal identifiers, no cross-site tracking, no ads.

3. Marketing cookies

We currently do NOT set any marketing cookies. No retargeting, no advertising pixels (Meta / Google Ads / TikTok Pixel / etc.), no third-party ad scripts. If this changes, this policy will be updated and we will re-ask your consent.

Managing your choices

You can clear cookies anytime from your browser settings. Clearing Supabase session cookies will sign you out. To re-open the cookie banner, clear the nc-consent-v1 key from your browser's local storage.

Browser storage (not cookies)

Your saved projects are stored in IndexedDB, not cookies. They stay on your device and are never sent to a server unless you explicitly enable Cloud Sync (planned post-beta). Clearing your browser's site data will delete your saved projects.

Third-party services

• Supabase (auth + DB) — sets session cookies (strictly necessary). • Google Fonts — loads the 6 fonts used in the Text layer. No cookies set by Google, but IP addresses may be logged during font delivery. • Cloudflare (CDN / DNS) — may set cf_ cookies for DDoS protection. Strictly necessary. • Future: Stripe (payments) — will add cookies only on the checkout page, covered by a separate notice when rolled out.

Contact

Questions: hello@novacanva.com

Questions about this page? hello@novacanva.com